I believe that client_secret_expires_at was a signal to clients that they
should plan on retrieving a new client_secret value around that time. That
makes sense if you have the management protocol to do so, but I agree with you
that it isn't very useful without it. Maybe it should be moved to the
management spec?
-- Mike
-----Original Message-----
From: OAuth [mailto:[email protected]] On Behalf Of Brian Campbell
Sent: Thursday, July 10, 2014 2:43 PM
To: Hannes Tschofenig
Cc: [email protected]
Subject: [OAUTH-WG] client_secret_expires_at in Dynamic Client Registration
(was Shepherd Writeup for Dynamic Client Registration Draft)
I'm trying to understand the client_secret_expires_at parameter in Dynamic
Client Registration? It seems rather awkward to have an expiration in this
protocol that doesn't allow for anything to be done after expiration other than
doing a whole new registration (and thus losing the client id).
And why does expiration only apply to the client secret? If there's a need for
expiration, isn't it broader than that and apply to the whole client or the
client id?
I tried to ask these questions, more or less, in April during last call but
there was no response:
http://www.ietf.org/mail-archive/web/oauth/current/msg12738.html
On Tue, Jul 8, 2014 at 5:46 AM, Hannes Tschofenig <[email protected]>
wrote:
> Hi all,
>
> I am working on the shepherd writeup for the dynamic client
> registration draft.
>
> You can find the latest draft here:
> https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepher
> d-writeups/Writeup_OAuth_DynamicClientRegistration.txt
>
> As you can see it is still incomplete.
>
> I would need information about the implementation status.
>
> Ciao
> Hannes
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
